OpenClaw Semantic Drift Vulnerability in System.run Approval Hardening Allows Arbitrary Script Execution
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.3.2, where the approval hardening for the node 'system.run' command improperly rewrites wrapper command arguments. This semantic drift allows execution of local scripts that were never approved. Attackers who can manipulate the wrapper arguments and place malicious files in the approved working directory may exploit this vulnerability to execute arbitrary scripts. The issue arises because the argv rewriting alters runtime behavior, so the command that actually runs deviates from the command text that was approved.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of local scripts, bypassing the intended command approval: the reviewer approves one command text, but a different command is executed.
Reproduction
To reproduce this vulnerability, first place a malicious script in the approved working directory. Then, influence the wrapper argv so that it includes the path to that script. When the 'system.run' command is executed, the argv rewriting redirects execution to the script instead of the approved payload.
Remediation
Users can upgrade to OpenClaw version 2026.3.2 or later to address this vulnerability.
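The root cause described above is that the argv handed to the process can diverge from the command text the reviewer approved. Independently of the vendor fix, a pre-spawn guard can refuse to run any argv whose tokens no longer match the approved tokens exactly, and can point out when the drifted token resolves to a file in the approved working directory. The following is an added illustration, not OpenClaw's own code; the names, the approval record layout and the constructed drift scenario are all assumptions.

```typescript
// Added example, not OpenClaw's code: refuse to spawn when the argv that is
// about to run no longer matches the tokens the reviewer approved.
import { createHash } from "node:crypto";
import { existsSync, mkdtempSync, writeFileSync } from "node:fs";
import { tmpdir } from "node:os";
import { join, resolve } from "node:path";

interface Approval { argv: string[]; cwd: string; digest: string }
interface DriftVerdict { ok: boolean; reason?: string }

function digestArgv(argv: string[]): string {
  // NUL separators keep token boundaries intact: joining on spaces would
  // let ["echo ok"] collide with ["echo", "ok"].
  return createHash("sha256").update(argv.join("\0")).digest("hex");
}

function recordApproval(argv: string[], cwd: string): Approval {
  return { argv: [...argv], cwd, digest: digestArgv(argv) };
}

// Run this immediately before spawn(), with the argv that will really be
// handed to the process, i.e. after every wrapper/argv rewrite stage has run.
function checkDrift(approval: Approval, finalArgv: string[]): DriftVerdict {
  if (digestArgv(finalArgv) === approval.digest) return { ok: true };
  const show = (t?: string) => (t === undefined ? "<missing>" : JSON.stringify(t));
  const n = Math.max(approval.argv.length, finalArgv.length);
  for (let i = 0; i < n; i++) {
    if (approval.argv[i] === finalArgv[i]) continue;
    // First drifted token; note when it now points at something inside cwd,
    // which is the pattern the advisory describes.
    const after = finalArgv[i];
    const local = after !== undefined && existsSync(resolve(approval.cwd, after))
      ? ` (resolves to an existing path under ${approval.cwd})` : "";
    return { ok: false, reason: `argv[${i}] drifted from ${show(approval.argv[i])} to ${show(after)}${local}` };
  }
  return { ok: false, reason: "argv digest differs from approved command" };
}

// Constructed scenario (assumption): the reviewer approved `bash -c "echo ok"`,
// then a rewrite stage replaced the payload with a script sitting in cwd.
function demo(): { clean: DriftVerdict; drifted: DriftVerdict } {
  const cwd = mkdtempSync(join(tmpdir(), "drift-demo-"));
  writeFileSync(join(cwd, "local.sh"), "#!/bin/sh\necho drifted\n"); // constructed file
  const approval = recordApproval(["bash", "-c", "echo ok"], cwd);
  return {
    clean: checkDrift(approval, ["bash", "-c", "echo ok"]),
    drifted: checkDrift(approval, ["bash", "local.sh"]),
  };
}
```

The guard only helps if it sees the final argv, so it must sit after the last rewrite step rather than on the approved text alone.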
